Hacker Attempted to Extort a Fraud Market Admin

In late October, an alleged hacker uploaded a warning to the administrators of Basetools.ws, a clearnet fraud marketplace. The hacker’s warning came in a Pastebin post as part of a threat that if the admins refused to pay a ransom fee, the hacker would release information on the site’s owner(s). Not only would the hacker reveal information on the suspected administrators, but the entity said that United States law enforcement agencies would be receiving the information. Basetools went offline during the extortion attempt.

Under the aliases “spiderspidy” and “jcreep,” one or more hackers uploaded two pastes titled “BASETOOLS.PW – MARKET (DATABASE LEAKED).” The pastes accused the admins of manipulating stats and reseller stats. According to spiderspidy, the owner of the market opened a reseller account named “RedHat” that stays in first place. As of the writing of this article, RedHat was not in first place.

“MESSAGE TO BASETOOLS OWNER:

Hello, you have only 24 hours to PAY 50.000$ OTHERWISE YOU WILL BE EXPOSED AROUND THE WORLD & ALSO WE HAVE TOO MANY PROOFS THAT WE HAVENT (sic) INCLUDED THEM HERE AND THOSE WE WILL SENT TO THE RELEVANT BODIES LIKE: “DEPARTMENT OF THE TREASURY”, “HOMELAND SECURITY INVESTIGATION”, “DEPARTMENT OF JUSTICE”, “FEDERAL BUREAU OF INVESTIGATION.”

The hacker uploaded screenshots to prove that he had accessed the market’s backend. One screenshot was a picture of the admin dashboard and support panel. The picture shows the last 15 sales, last nine tools refunded, the total number of opened (support) reports, customer reports, total reports, and total tickets. Not only does the support panel resemble the market’s style and UI, but it also shows sellers and usernames of actual vendors on the site, including RedHat.

The hacker(s) claimed they “corrupted the internet provider” of the programmer of the site. In order to prove they had accessed information that incriminated the programmer, they uploaded a screenshot of RedHat’s I.P. address and first and last initial. They also claimed that they “exposed” the owner of Basetools.pw. They uploaded the same information they had already uploaded for the programmer, minus the initials.

The site went back online on November 1 and the administrator(s) posted a message to the users, apologizing for the one day the market had been down. They went down due to maintenance and site updates, the post said. “We have added option reset password using your email, you can reset your password if you forget it,” the recently extorted administrators wrote in the post. “Remember BaseTools will never be closed, we will be online in every moment,” they added. The marketplace has been online ever since and the hacker(s) could not be reached for comment.